Security Vulnerabilities

Reporting a security vulnerability

If you suspect you have found a security defect in BIND or DHCP, or if you wish to inquire about a security issue that you have learned about which has not yet been publicly announced, ISC encourages you to get in touch with our Security Officer by selecting the appropriate pull-down on the Bug Report Form.

Ensuring you are not running software with a known vulnerability

To be notified of any new discovered vulnerabilities, you can either subscribe for BIND Basic support, which entitles you to advance notification of security vulnerabilities via a secure one-way support queue, or you can follow ISC security notices by subscribing to the BIND-Announce mailing list.

ISC uses the CVSS, a program of first.org and NIST, to determine the severity of potential security issues.